Description: Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack.
Like Man-in-the-Middle (MitM) attacks, BitM sees criminals look to control the data flow between the victim’s computer and the target service, as
May 28th, 2025 (22 days ago)
Description: Czech authorities said they assessed with “a high degree of certainty” that a Chinese cyber-espionage group known as APT31, Judgment Panda, Bronze Vinewood or RedBravo tried to hack into a government network.
May 28th, 2025 (22 days ago)
CVE-2025-27526
Description: Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability can lead to a JDBC vulnerability bypass via URL encoding and backspace characters. Users are advised to upgrade to Apache InLong 2.2.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/11747
EPSS Score: 0.12%
May 28th, 2025 (22 days ago)
CVE-2025-27522
Description: Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a follow-up bypass of CVE-2024-26579. Users are advised to upgrade to Apache InLong 2.2.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/11732
EPSS Score: 0.16%
May 28th, 2025 (22 days ago)
Description: Missing Authorization in DinoRANK
Wed, 05/28/2025 - 11:01
Notice
Affected Resources
DinoRANK
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting DinoRANK, a SEO tool. The vulnerability was discovered by Pablo Alcarria. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
CVE-2025-40673: CVSS v4.0: 5.3 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-862
Identifier
INCIBE-2025-0275
3 - Medium
Solution
The vulnerability has been fixed by DinoRANK team in the latest version.
Detail
CVE-2025-40673: A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access the invoices of any user by accessing the endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf', because there is no access control. The PDF filename can be obtained via OSINT, insecure network traffic or brute force.
References list
DinoRANK
Tags
0day
Update
CNA
Vulnerability
...
EPSS Score: 0.04%
May 28th, 2025 (22 days ago)
CVE-2025-5025
Description: libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.
EPSS Score: 0.02%
May 28th, 2025 (22 days ago)
CVE-2025-4947
Description: libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
EPSS Score: 0.02%
May 28th, 2025 (22 days ago)
Description: Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone.
The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
May 28th, 2025 (22 days ago)